Author Topic: CyberCapture  (Read 132764 times)

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: CyberCapture
« Reply #30 on: June 23, 2016, 02:31:46 PM »
@Vlk I have one more idea. Currently, when CyberCapture locks the file into custody, you can opt to run it without waiting for verdict. You could add "Run in Sandbox" as an option for Pro, Internet Security and Premier editions since they already employ sandbox tech. This way users can run the suspicious stuff risk free in an isolated environment (if the app will work in it of course since not all do) even before they get definitive answer from CyberCapture servers. This way you add additional layer of security when users decide to run it anyway.
Visit my webpage Angry Sheep Blog

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: CyberCapture
« Reply #31 on: June 23, 2016, 02:52:22 PM »
Quote from: RejZoR
> @Vlk I have one more idea. Currently, when CyberCapture locks the file into custody, you can opt to run it without waiting for verdict. You could add "Run in Sandbox" as an option for Pro, Internet Security and Premier editions since they already employ sandbox tech. This way users can run the suspicious stuff risk free in an isolated environment (if the app will work in it of course since not all do) even before they get definitive answer from CyberCapture servers. This way you add additional layer of security when users decide to run it anyway.

Thanks, that sounds like something that could be implemented very easily.

Vlk
If at first you don't succeed, then skydiving's not for you.

Offline Vlk

Re: CyberCapture
« Reply #32 on: June 23, 2016, 02:53:37 PM »
If at first you don't succeed, then skydiving's not for you.

Offline RejZoR

Re: CyberCapture
« Reply #33 on: June 23, 2016, 03:11:02 PM »
You're mentioning server side polymorphic malware, since you guys often mention contextual detections, is your system designed to combat this in such a way that if CyberCapture spots several different malicious samples on a same domain, that it blacklists that domain (or IP) automatically and feeds it into Web Shield URL blocker? Because once you block a fixed URL address, they can spawn trillions of new malware samples and they'd all get blocked by URL:Mal part of the Web Shield proactively.

Offline Be Secure

  • Long Time Avast User(10years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1908
Re: CyberCapture
« Reply #34 on: June 23, 2016, 04:07:47 PM »
Quote from: RejZoR
> @Vlk I have one more idea. Currently, when CyberCapture locks the file into custody, you can opt to run it without waiting for verdict. You could add "Run in Sandbox" as an option for Pro, Internet Security and Premier editions since they already employ sandbox tech. This way users can run the suspicious stuff risk free in an isolated environment (if the app will work in it of course since not all do) even before they get definitive answer from CyberCapture servers. This way you add additional layer of security when users decide to run it anyway.

Why left out Free? :(
PC- Windows10 EDU 64Bit,avast! free 21.1.2449,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - German-language section  <<<
Re: CyberCapture
« Reply #35 on: June 23, 2016, 04:15:19 PM »
Quote from: RejZoR
> @Vlk I have one more idea. Currently, when CyberCapture locks the file into custody, you can opt to run it without waiting for verdict. You could add "Run in Sandbox" as an option for Pro, Internet Security and Premier editions since they already employ sandbox tech. This way users can run the suspicious stuff risk free in an isolated environment (if the app will work in it of course since not all do) even before they get definitive answer from CyberCapture servers. This way you add additional layer of security when users decide to run it anyway.
Quote from: Be Secure
> Why left out Free? :(

Because, there is no sandbox. ;)
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast essentials (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0

Offline Alikhan

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2220
Re: CyberCapture
« Reply #36 on: June 23, 2016, 04:19:39 PM »
Quote from: RejZoR
> @Vlk I have one more idea. Currently, when CyberCapture locks the file into custody, you can opt to run it without waiting for verdict. You could add "Run in Sandbox" as an option for Pro, Internet Security and Premier editions since they already employ sandbox tech. This way users can run the suspicious stuff risk free in an isolated environment (if the app will work in it of course since not all do) even before they get definitive answer from CyberCapture servers. This way you add additional layer of security when users decide to run it anyway.

+1.

This is a great idea.
Windows 10 Home 64-bit • Avast Free (latest stable version) •  Malwarebytes 4 Premium (On-Demand) • Windows Firewall Control • Google Chrome • LastPass • CCleaner • O&O ShutUp10 •

Offline Be Secure

Re: CyberCapture
« Reply #37 on: June 23, 2016, 04:20:00 PM »
Quote from: RejZoR
> @Vlk I have one more idea. Currently, when CyberCapture locks the file into custody, you can opt to run it without waiting for verdict. You could add "Run in Sandbox" as an option for Pro, Internet Security and Premier editions since they already employ sandbox tech. This way users can run the suspicious stuff risk free in an isolated environment (if the app will work in it of course since not all do) even before they get definitive answer from CyberCapture servers. This way you add additional layer of security when users decide to run it anyway.
Quote from: Be Secure
> Why left out Free? :(
Quote from: Asyn
> Because, there is no sandbox. ;)

But many users used this and avast! sends the basic product to testing companies... so why not avast! implement something that's good for all. :)

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: CyberCapture
« Reply #38 on: June 23, 2016, 04:26:11 PM »
Here is an explanation of CyberCapture directly from Ondrej:
https://blog.avast.com/cybercapture-protection-against-zero-second-attacks
Hopefully this will be a better answer than NG in defending against the latest and as yet unknown threats.
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2293
Re: CyberCapture
« Reply #39 on: June 23, 2016, 04:41:18 PM »
Quote from: RejZoR
> You're mentioning server side polymorphic malware, since you guys often mention contextual detections, is your system designed to combat this in such a way that if CyberCapture spots several different malicious samples on a same domain, that it blacklists that domain (or IP) automatically and feeds it into Web Shield URL blocker? Because once you block a fixed URL address, they can spawn trillions of new malware samples and they'd all get blocked by URL:Mal part of the Web Shield proactively.

Yes, we have already implemented this.

Milos
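
The domain-level blocking that RejZoR asks about and Milos confirms above can be sketched as follows. This is an added example, not Avast's code and not part of the original posts; the three-sample threshold, the shared-host exclusion list, and every hostname and hash in it are assumptions constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample verdicts: (download URL, file hash, verdict). Not real data.
VERDICTS = [
    ("http://dl.bad-host.example/setup.exe?id=1", "hash-a1", "malicious"),
    ("http://dl.bad-host.example/setup.exe?id=2", "hash-b2", "malicious"),
    ("http://dl.bad-host.example/setup.exe?id=3", "hash-c3", "malicious"),
    ("http://dl.bad-host.example/setup.exe?id=3", "hash-c3", "malicious"),  # repeat
    ("https://files.shared-cdn.example/u/17/a.exe", "hash-d4", "malicious"),
    ("https://files.shared-cdn.example/u/17/b.exe", "hash-e5", "malicious"),
    ("https://files.shared-cdn.example/u/17/c.exe", "hash-f6", "malicious"),
    ("https://files.shared-cdn.example/u/99/tool.exe", "hash-g7", "clean"),
    ("http://one-off.example/x.exe", "hash-h8", "malicious"),
]

def host_of(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()

def build_blocklist(verdicts, min_distinct=3, shared_hosts=frozenset()):
    """Hosts that served at least min_distinct different malicious files.

    Hosts in shared_hosts (multi-tenant storage, CDNs) are never promoted,
    because a host-wide block would also cut off unrelated clean content.
    The threshold and the exclusion list are assumptions of this example.
    """
    bad_hashes = defaultdict(set)
    for url, file_hash, verdict in verdicts:
        if verdict == "malicious":
            bad_hashes[host_of(url)].add(file_hash)  # repeats count once
    return {
        host for host, hashes in bad_hashes.items()
        if host and len(hashes) >= min_distinct and host not in shared_hosts
    }

def is_blocked(url, blocklist):
    """True if the URL's host is on the blocklist, whatever file it serves."""
    return host_of(url) in blocklist

BLOCKLIST = build_blocklist(VERDICTS, shared_hosts={"files.shared-cdn.example"})
```

Once the host is listed, a sample that has never been seen before is stopped at the URL stage, which is the effect RejZoR describes; the exclusion list covers the false-positive case where one tenant's uploads would otherwise get a whole shared host blocked.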

Offline RejZoR

Re: CyberCapture
« Reply #40 on: June 23, 2016, 05:09:47 PM »
Quote from: RejZoR
> @Vlk I have one more idea. Currently, when CyberCapture locks the file into custody, you can opt to run it without waiting for verdict. You could add "Run in Sandbox" as an option for Pro, Internet Security and Premier editions since they already employ sandbox tech. This way users can run the suspicious stuff risk free in an isolated environment (if the app will work in it of course since not all do) even before they get definitive answer from CyberCapture servers. This way you add additional layer of security when users decide to run it anyway.
Quote from: Be Secure
> Why left out Free? :(
Quote from: Asyn
> Because, there is no sandbox. ;)
Quote from: Be Secure
> But many users used this and avast! sends the basic product to testing companies... so why not avast! implement something that's good for all. :)

Because:
a) Free version doesn't have sandbox component, at least not one that allows execution of files like paid versions do
b) In the end, they need paying customers and this tiny feature separates Free from paid versions without really affecting user security (if you just wait for the verdict to arrive back).

Offline TrueIndian

  • Poster
  • *
  • Posts: 433
Re: CyberCapture
« Reply #41 on: June 23, 2016, 06:43:58 PM »
Interesting stuff, would love to see this feature cover all the entry points. Yep, would definitely like this.

Right, I will try to get this thing triggered :)

Have been too hard coming down on avast!. Can't blame anyone because this program is very reputable and so if it fails it's a big no-no for its fanbase. Keep up the good work!
« Last Edit: June 23, 2016, 06:46:29 PM by True Ind »

Offline RejZoR

Re: CyberCapture
« Reply #42 on: June 23, 2016, 08:56:43 PM »
Don't feel bad for giving honest criticism. Constructive criticism, even if it looks harsh at first, only makes things better. Pretending everything is fine and praising things to death leads to stagnation. avast! has once again proven it has one of the best communities in the world. Not like for example product which starts with C and ends with O, where I got banned like 3 times on their forums because I was just concerned and honest about the issues it had. Fine, then have your broken crap and praise it to death even though it's broken like a llama which fell off Mount Everest... But fanboys will be fanboys. I used to be avast! fanboy so to speak in the past, but no more. I am a fan, but not a fanboy. Because being fanboy is harmful, not productive.

Offline RejZoR

Re: CyberCapture
« Reply #43 on: June 23, 2016, 09:06:26 PM »
@Vlk

I have one more concern or question about CyberCapture, regarding AV-C and AV-TEST. Will their testing methodologies adapt to how your product works? I mean, if results are sometimes returned in 2 hours time, will they wait for a verdict and flag it as miss or hit based on that or how will they operate with it now? I mean, before it was very clear verdict with NG since it took just few seconds and tester could instantly see what happened. With CyberCapture, that changes drastically. And it would be nice to see realistic scores in tests based on how it actually operates.

Offline Be Secure

Re: CyberCapture
« Reply #44 on: June 24, 2016, 02:53:40 AM »
Quote from: RejZoR
> Don't feel bad for giving honest criticism. Constructive criticism, even if it looks harsh at first, only makes things better. Pretending everything is fine and praising things to death leads to stagnation. avast! has once again proven it has one of the best communities in the world. Not like for example product which starts with C and ends with O, where I got banned like 3 times on their forums because I was just concerned and honest about the issues it had. Fine, then have your broken crap and praise it to death even though it's broken like a llama which fell off Mount Everest... But fanboys will be fanboys. I used to be avast! fanboy so to speak in the past, but no more. I am a fan, but not a fanboy. Because being fanboy is harmful, not productive.

+100. :D